Facebook add-on TimeHop has been pwned by hackers

SELF-INDULGENT Facebook add-on TimeHop has reported it is the latest victim of hacking with a breach affecting its entire user base of 21 million users worldwide.

The “security incident”, as it is being described, occurred on 4 July when a “network intrusion” was interrupted by internal security teams.

TimeHop, an add-on for Facebook which reminds users of all the things that happened to them in the past, remains hugely popular despite Facebook itself now offering similar functionality within the main interface.

“At 2:04 US Eastern Time in the afternoon of the 4th of July 2018, Timehop observed a network intrusion. The breach occurred because an access credential to our cloud computing environment was compromised,” TimeHop said in a statement.

“That cloud computing account had not been protected by multifactor authentication. We have now taken steps that include multifactor authentication to secure our authorization and access controls on all accounts.”

TimeHop has now invalidated all API tokens and produced one of the most comprehensive security bulletins we’ve ever seen, with a wealth of information including what the implications are under GDPR – or more specifically, that they’re not entirely clear.

The upshot for users is pretty simple – they’ll need to log in again and reauthorise TimeHop. Doing so may end up leading to a bunch of content being inaccessible for a while whilst a new set of keys establishes itself.

User Streaks, basically a record of the number of consecutive days that people have interacted with their gory past, have been maintained but frozen.

The big problem doesn’t affect UK users, but will be making our US cousins sweat – phone numbers were leaked. TimeHop recommends adding a PIN to your phone account because if abused, this could be used for identity theft – starting with, but not limited to, porting the number without permission.

Other info taken includes “some” names and email addresses. But because TimeHop doesn’t have its own username and password setup, there are none of those shenanigans to deal with.

Source : Inquirer

Founder and Editor-in-Chief of 'Professional Hackers India'. Technology Evangelist, Security Analyst, Cyber Security Expert, PHP Developer and Part time hacker.